"Microsoft Windows has put on a lot of weight over the years," writes Randall Stross in a recent New York Times blog entry on Windows' legacy code. "Beginning as a thin veneer for older software code," he continues, "it has become an obese monolith built on an ancient frame. Adding features, plugging security holes, fixing bugs, fixing the fixes that never worked properly, all while maintaining compatibility with older software and hardware -- is there anything Windows doesn't try to do?" Does Microsoft have the business savvy or guts to rewrite Windows?

As such, not being stable and secure in the face of clueless users is a design flaw for a consumer OS.

I agree, this *is* a flaw. And the worst part is, the infrastructure is already there. It has been there since NT. It's the default setup (everyone is admin) that is flawed. It seems though this is slowly changing. Vista is a first step to a more sane approach. They could have done better, but I think (hope) the message here is "Vendors, make your software run as standard user, cause that's what you will be getting in 7". I am sick and tired of cleaning and reinstalling infected friends' PCs.

The UI brain-damage is something else, and there is nothing the user can do about it. You can be a competent user, and the Windows UI will still suck.

A novice cannot work with it anyway; an experienced user is aggravated by the ever-increasing number of clicks (read: user friendliness) required to perform what is (for the experienced) a simple task. IMHO they should create a beginner and an expert mode UI. Beginner should have far fewer options than the ones shown now. Expert should have everything with much less hand-holding. But then again, it seems they don't want people to know or understand too much.

They could have done better, but I think (hope) the message here is "Vendors, make your software run as standard user, cause that's what you will be getting in 7". I am sick and tired of cleaning and reinstalling infected friends' PCs.

I believe that this one is a common misconception - the idea that "standard user" will somehow solve security problems.

In fact, this is quite a stupid idea. The only thing that will be achieved this way is moving malware to the "standard user" area as well.

And in the end, it is the user's data that is the most valuable thing in a PC (with emphasis on "Personal" here). What is the point of securing admin when viruses and trojans can still damage the user's work?

Of course, with multi-user servers this is a different topic, but we are speaking about "personal OS" here.

BTW, I am speaking from personal experience. The only malware I ever had was a Linux worm that happily lived in a regular user account with a poor password... happily spreading ever after...